Privacy Notice

This privacy notice tells you what to expect when our organisation collects personal data and how to contact us should you wish to discuss any aspect of how we handle that data.

Our organisation

We are a not-for-profit organisation whose aim is to promote information security across the Channel Islands. If you have any queries about how we deal with personal data, the best way to contact us is by email, at admin@ciisf.org.

The data we process

We hold and work with committee and membership data.

Our membership list is managed using MailChimp (www.mailchimp.com). You can see their privacy notice at https://mailchimp.com/legal/privacy/; it is a secure service and the login credentials we use are suitably complex. We retain the name and email address for each of our members and of course if you wish to discontinue your membership you can just drop us an email and we will take you off the list. We carry out an annual purge of old member data; so if you leave u, we will not hold on to your data for more than a year. We use the membership data to communicate with our members: we do not do any profiling or automated processing with it.

If we run an event, one or more of the committee members will have a copy of the attendee list (names and email addresses) and if we use an event management agency then they will have access to the attendee data too. We will use only agencies whose data protection regime we are happy with. We will not keep the personal data for more than a year after the event finishes, though we may use an anonymised version of the data for statistical purposes.

Because committee members email each other directly, each member has the others’ email addresses on their computers or smartphones.

Meeting minutes are retained for no longer than ten years; minutes sometimes contain personal data, but usually nothing more than people’s names.

We do not sell any data to anyone else.

Internet interaction

Our website

Our website is a basic set of pages hosted by SquareSpace. We do not keep personal data on the website, but it does use cookies in order to make it work properly.

People who email us

Various members of the committee have access to the main admin@ciisf.org mailbox. We have an annual purge of the email inbox and we will not keep any messages for more than five years.

Contact for data protection purposes

You have a number of rights under the laws of data protection. As we mentioned earlier, please contact us at admin@ciisf.org if you have any queries or concerns. We retain a log of requests that we receive and remove entries when they are a year old.

Right of access

You can contact us to request a copy of any personal data we hold about you on our systems or in our files, along with information about what we use it for. We must respond to you in a reasonable timeframe which will always be within a month. Unless the request is particularly complex or onerous, there is no cost to you for making these requests.

Right to rectification

We must ensure that the data we hold about you is accurate. If you tell us that something is wrong, we will correct it and then confirm to you that we have done so.

Right to erasure

If you ask us to erase your personal data, we must do so unless there is a legitimate reason for us to keep it (which we will discuss with you).

Right to restriction of processing

If there is some dispute between you and us regarding the use of your personal data, you have the right to ask us to restrict the processing of your data. This means we can continue to store it but we cannot do anything else with it until the dispute is resolved. We will inform you prior to beginning processing once the restriction has been removed.

Complaints

This privacy notice is deliberately short – we do not think you want to wade through War and Peace. If you have any queries at all, you are welcome to contact us at admin@ciisf.org.

If you are dissatisfied with the way in which we deal with your queries, you may contact your local data protection supervisory authority or write to our local Information Commissioner:

The Channel Islands Information Security Forum is the association for cybersecurity and information security in Jersey and Guernsey.A not-for-profit organisation registered with the Jersey Financial Services Commission.